[BugTales] REUnziP: Re-Exploiting Huawei Recovery With FaultyUSB

Last year we published UnZiploc, our research into Huawei’s OTA update implementation. Back then, we have successfully identified logic vulnerabilities in the implementation of the Huawei recovery image that allowed root privilege code execution to be achieved by remote or local attackers. After Huawei fixed the vulnerabilities we have reported, we decided to take a second look at the new and improved recovery mode update process.
This time, we managed to identify a new vulnerability in a proprietary mode called …

attackers back code code execution exploiting huawei identify local logic managed mode privilege process recovery research root update vulnerabilities